hi.
take into account that the content of what is returned is configurable by
the server administrator (that is just our default message). and turning
head on as a supported method may stop the 406 message. but yes, SecureIIS
can be identified by the fact that it does not send textual error data when
it handles a request. As you have noted, SecureIIS was not inteded to be a
stealth module, and the fact that an IIS web server returns a 406 error at
all should be a good tip(i'm not positive IIS generates those naturally in
any normal context).

--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Re: FTP Tagging anyone?... > secured against various different kinds of vulnerabilities,...formatting the system is probably not necessary. ...baseline server looks like, so they can't tell what is and isn't suspicious ... this depends on your security needs....(microsoft.public.inetserver.iis.security)